PCI Security Insights

The objective of URM’s PCI Security Insights, through a combination of newsletters and webinars, is to keep you informed of the latest news and developments around the protection of cardholder data. You will be informed of any changes or proposed changes to the Payment Card Industry Data Security Standard (PCI DSS). Not only will we report on changes being made by the PCI Security Standards Council (SSC), but we will also provide an analysis of the implications for organisations and how to address any new requirements. Our Qualified Security Assessor (QSA) Team will also keep you informed of any reported breaches (and lessons learned), along with hints and tips to ensure your ongoing compliance journey is simplified as much as possible.

In our Spring 2018 Newsletter, for example, you will find articles on:

  • Latest card data breaches and lessons to be learnt
  • Summary of latest news from PCI Security Standards Council
  • Changes in mandated requirements
  • Top tips for compliance
  • Longer term considerations
  • Useful resources and articles

In terms of future newsletters and webinars, here are some of the future topics we will be addressing. Our QSAs have selected topics which, in their experience, many organisations have difficulty in complying with.

Topic (type): Description

  • The what, why, and who of the PCI DSS (Webinar): An overview of the whole Standard, along with the reasons that it exists and an examination of who has to comply and why.
  • Top 5 common pitfalls of PCI DSS compliance (Newsletter article): A run-down of the top 5 areas that most organisations struggle with in terms of achieving compliance.
  • The myth of outsourcing card payments (Webinar): A common misconception held by a number of organisations is that by outsourcing their payment functions, they no longer need to comply with the PCI DSS. This webinar will clearly present what the organisation’s compliance obligations are in an outsourcing scenario.
  • Merchants vs Service Providers: Managing Relationships (Newsletter article): Includes a clear description and definition of the two types of entities and how the PCI DSS deals with the relationship between them. Also covers how the lines of responsibility should be drawn and why both entities always have some residual level of responsibility.
  • The 6 Control Objectives and their 12 requirements (Webinar): A high-level overview of each of the 12 requirements within the PCI DSS and how the Standard is structured to make compliance planning easier.
  • Preparing for a Report on Compliance (RoC) (Newsletter article & whitepaper): A detailed examination of the activities that organisations need to carry out in order to prepare for their RoC.
  • The importance of scope reduction (Webinar): Covering the importance of scope reduction, where it is recommended and how it can be achieved.
  • The complexities of PCI DSS security testing (Newsletter article & whitepaper): Discussion on what should be tested and how often, ensuring that the complexities of quarterly scanning are addressed.
  • SAQs: What are they and which one is the right one? (Webinar): An overview of the 9 different SAQs and which types of organisation they apply to.
  • Logging requirements and retention of evidence (Newsletter article & whitepaper): Complex logging requirements are covered in some detail, examining what needs logging and from where. There is also a discussion on ‘best practice’ evidence retention.
  • The paperwork of PCI DSS (Webinar): An examination of the types of documentation required to meet the PCI DSS and why this is such a commonly overlooked area of compliance.
  • PCI DSS vs GDPR (Newsletter article): A discussion of where and how the PCI DSS and the GDPR interface and overlap, and why both have a place within any organisation.

If you are interested in our webinar programme or in receiving our PCI Newsletter, please enter your details below.